Use wildcard identity certificate for SSLVPN

I have a wildcard identity certificate *.example.com that I would like to use for SSLVPN connections, but haven't been able to get it installed. Has anyone been able to do this?

I found the issue. We were attempting to import the PEM version and not the PKCS12 version that contained the private key. I was able to get it to work.

Similar Messages

Wildcard * SSL Certificates for TTA??

Is there any way I can use a wildcard SSL certificate like:
*.mycompany.com
in my TTA server?
I was able to run all the cert commands successfully using the
*.mycompany.com cert:
Generated the CSR (tarantella security certrequest)
Installed the Cert File (tarantella security certuse)
Installed the Chained CA cert (tarantella security customca)
Review/validate certinfo (tarantella security certinfo)
The TTA-installed Apache webserver was fine with the wildcard certificate
since I was able to goto:
https://subdomain.mycompany.com (FYI, the subdomain is NOT "www")
But after I went to:
https://subdomain.mycompany.com/tarantella/
I got the following errors in my Java Console:
Secure Global Desktop 4.10.903: Connecting to Secure Global Desktop
server...
Secure Global Desktop 4.10.903: Using secure connection to
Secure Global Desktop server subdomain.mycompany.com:443
Secure Global Desktop 4.10.903: Certificate (*.mycompany.com) not accepted
for this Secure Global Desktop server (subdomain.mycompany.com) due to name
mismatch.
Secure Global Desktop 4.10.903: Client dropping connection.
Secure Global Desktop 4.10.903: Unable to connect: Certificate
(*.mycompany.com) not accepted for this Secure Global Desktop server
(subdomain.mycompany.com) due to name mismatch.
Secure Global Desktop 4.10.903: Missing negotiation feature cgi script
Is there a way that I can get the applet to do a regex-ish match on the name
for wildcard certs?
Cyrus

Hi Cyrus
I was loosely referring to PKI rules e.g.
http://www.ietf.org/proceedings/98mar/98mar-edited-110.htm
http://www.iihe.ac.be/internal-report/1997/stc-97-19.html
Wildcarding isn't supported. I understand what you are trying to do now
but it won't work because the software is looking for a certificate
matching a single server.
The certrequest command is just a wrapper script for openssl so it won't
stop you doing anything the openssl command believes may be valid. You don't
actually need to use this command it's just there for convenience, you
could do everything just using openssl.
The current documentation doesn't explictly state that you can't use
wildcards in certificates but it does say you need a certificate for a
SGD server. My understanding of the wildcard issue is that it is up to
a particular application to decide what is appropriate.
http://www.tarantella.com/support/documentation/sgd/ee/4.1/help/en-us/tsp/gettingstarted/whatare_certs.html
Regards
Barrie
On 2005-08-15, Cyrus Mehta <[email protected]> wrote:
May I inquire as to where these rules are listed regarding SSL Certs, I
didn't see anything to the effect in the documentation. Also why weren't
the rules enforced at certificate generation time. Even the validation
command (tarantella security certinfo) had no problems.
The CSR generation/signing went through flawlessly and created a wildcard
cert that Apache could use. It's one thing if the whole cert process
couldn't handle a wildcard, but it seems like everything would have worked
if only the applet accepted a wildcard regex match.
Regards,
Cyrus
barrie wrote:
Hi Cyrus
No, sorry. The rules say you can't do that. You are required to have a
certificate for a node not a network.
Regards
Barrie
On 2005-08-05, CM <[email protected]> wrote:
Is there any way I can use a wildcard SSL certificate like:
*.mycompany.com
in my TTA server?
I was able to run all the cert commands successfully using the
*.mycompany.com cert:
Generated the CSR (tarantella security certrequest)
Installed the Cert File (tarantella security certuse)
Installed the Chained CA cert (tarantella security customca)
Review/validate certinfo (tarantella security certinfo)
The TTA-installed Apache webserver was fine with the wildcard certificate
since I was able to goto:
https://subdomain.mycompany.com (FYI, the subdomain is NOT "www")
But after I went to:
https://subdomain.mycompany.com/tarantella/
I got the following errors in my Java Console:
Secure Global Desktop 4.10.903: Connecting to Secure Global Desktop
server...
Secure Global Desktop 4.10.903: Using secure connection to
Secure Global Desktop server subdomain.mycompany.com:443
Secure Global Desktop 4.10.903: Certificate (*.mycompany.com) not accepted
for this Secure Global Desktop server (subdomain.mycompany.com) due to
name
mismatch.
Secure Global Desktop 4.10.903: Client dropping connection.
Secure Global Desktop 4.10.903: Unable to connect: Certificate
(*.mycompany.com) not accepted for this Secure Global Desktop server
(subdomain.mycompany.com) due to name mismatch.
Secure Global Desktop 4.10.903: Missing negotiation feature cgi script
Is there a way that I can get the applet to do a regex-ish match on thename
for wildcard certs?
Cyrus

How to globally set WiFi to use device management identity certificate for all users?

I'm using Apple's Profile Management service in Mountain Lion, and discovered through serendipity that an enrolled device can authenticate on EAP-TLS to our WPA2-Enterprise Wifi using the Device Managment Identity Certificate instead of an individually-generated-for-user x509 cert. This is extremely convenient, because then we can effectively revoke a device's cert by unenrolling the device.
However, I haven't been able to figure out how to make WiFi always designate EAP-TLS and select the Device Management Identity Certificate globally (whether through /usr/bin/networksetup or through the Profile Manager).
Does anybody have any pointers on how to do this? My goal is to have an OS X >= 10.7 machine at a network login prompt capable of logging into the machine, authenticated against the Open Directory server the machine is already bound to. At present a wireless user cannot do this, as the machine's Wifi preferences haven't yet been set to use the aforementioned device management cert.
Thanks!

Making customisation from the default profile is generally considered poor practice and quite often doesn't work out as planned. (If you're interested in some more information on this, [http://mockbox.net/windows-7/227-customise-windows-7-default-profile.html see here] see here)
This article should help you with developing and deploying your customised Firefox 4 installation (without touching the Windows 7 default user profile):
http://mockbox.net/configmgr-sccm/174-install-and-configure-firefox-silently.html

Is it possible to use single ssl certificate for multiple server farm with different FQDN?

Hi
We generated the CSR request for versign secure site pro certificate
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
SSL Certificate for cn=abc.com considering abc.com as our major domain. now we have servers in this domain like www.abc.com, a.abc.com , b.abc.com etc. we installed the verisign certificate and configured ACE-20 accordingly for ssl-proxy and we will use same certificate gerated for abc.com for all servers like www.abc.com , a.abc.com , b.abc.com etc. Now when we are trying to access https//www..abc.com or https://a.abc.com through mozilla , we are able to access the service but we are getting this message in certfucate status " you are connected to abc.com which is run by unknown "
And the same message when trying to access https://www.abc.com from Google Chrome.
"This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
so i know as this certficate is for cn=abc.com that is why we are getting such errors/status in ssl certficate.
Now my question is
1. Is is possible to remove above errors doing some ssl configuration on ACE?
2. OR we have to go for VerisgnWildcard Secure Site Pro Certificate for CSR generated uisng cn =abc.com to be installed on ACE and will be used for all servers like www.abc.com , a.abc.com etc..
Thanks
Waliullah

If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate. Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate. And right now it won't beause your certificate is for abc.com. You need a wildcard cert that will be for something like *.abc.com.
Hope this helps,
Sean

ASA5505 is using wrong identity certificate

I recently updated our ASA firmware from 8.4.(7)3 to 9.0.(4)24 and noticed afterwards that my web-facing interface (for SSL remote access vpn) was suddenly using a self-signed certificate. When I look at the identity certificates using ASDM, the only certificate listed is the one I installed from GoDaddy (and the one that it should be using - see screenshot). Anyone know what I can do to switch back to my GoDaddy cert?

Thanks, I ran that command and that appears to have fixed it. Strange, I don't have that line in any of my previous configs and it always worked fine.

Using existing SSL Certificate for Web Dispatcher

Hi,
We've registered a SSL certificate with wildcard option via GlobalSign. The history of this process is as below:
1. We created a Certificate Request with IIS and send it to GS (GlobalSign).
2. They send us the certificate file Globalsign Primary Secure Server CA and Globalsign Server Sign CA files.
3. Import all ceritifcates into IIS and then exported the certificate into a Cert.pfx file.
4. By using this file, we are able to import the SSL certificate into J2EE WAS 640 of Portal system.
5. Now we want to use same certificate to establish a web dispatcher installation as intermediate server for internet access.
Web Dispatcher documentations says to create a pse and req file with sapgenpse program and then send it to CA (here globalsign) to get a certificate.
But when we asked GS, they told us to use the certificate they send us before. They cannot create a certificate file for the ourput of web dispatcher. It will be billed us if we persist.
So, we have to find a way to use the existing certificate to enable SSL of Web Dispatcher.
Any idea?

Hi Huseyin,
I also have the same scenario. We also want to use the same certificate from verisign for our webdispatcher.
Do you know how to do. Can you help me.
Thanks and Regards,
Sailesh K

Why do BT use an invalid certificate for signing e...

Hello BT mods,
In your online guides on setting up email, the instructions advise specifying the outgoing mail server as mail.btinternet.com, with SSL enabled. However, the certificate used to sign the connection is invalid! (This is because of a host name mismatch due to using a yahoo certificate)
This is pretty bad practise and doesn't help non-technical people understand online security! Is this mismatch going to get rectified, or do BT simply plan to tell customers to trust an invalid certificate?
Cheers,
--jenger

See point 12 right at the end, the screenshot shows SSL ticked.
http://bt.custhelp.com/app/answers/detail/a_id/9960/kw/mail%20setup%20os%20x/related/1
Looking at it again, point 11 shows to leave outgoing SSL unticked, which is not how I remember it from earlier in the week - not sure if this has been updated since I reported it by phone or not, I remember the previous point as including a tick for SSL enabled as well though.
Incidentally, it would appear to work with outgoing SSL both enabled and disabled - I'd been running with SSL enabled for years, TBH this only came to light after I had problems sending email at the beginning of the week.
I did call the helpdesk, which was A Bad Idea, as I not only got conflicting info from two different reps, but the first one managed to delete all the historical mail in my inbox, thanks for that! My own fault really, I should have known better than to let someone onto my computer with GotoAssist! (And to be fair, the second guy I spoke to was actually really good, knew what he was talking about and everything. Just a shame my mail had already been deleted by then!)
These forums are a MUCH better resource! )

Using an SSL certificate for Exchange 2013

Hi,
I am not sure if this is the correct forum to post this question in.
Basically we are migrating from Exchange 2007 to Exchange 2013. Our 2013 machines have both roles installed and do everything. They are configured in a DAG. We have no hardware load balancing/reverse proxy or etc. inside or outside.
We use an alias of mail.domain.com to connect to OWA/ActiveSync and etc from the Internet.. this alias would point to mail1.domain.com which is the IP of the first Exchange 2013 server.
If that server were to break, we would point the alias of mail.domain.com to mail2.domain.com which is the IP of the second Exchange 2013 server. Clients would not need any changes before they started connecting to the remaining mail server (eventually)
and email would continue.
I know this is not an ideal setup, but for now it is what we have and would keep us running in the event of server failure.
My question is, when I request a certificate, do I need two of them with mail1.domain.com and mail2.domain.com as their primary and SAN of mail.domain.com OR do I request one certificate with mail.domain.com as the primary host and SAN of mail1.domain.com
and mail2.domain.com (and install the one certificate on both servers).
I want to include mail1.domain.com and mail2.domain.com as this can be helpful for testing and/or during migration.
I hope that makes some sense and appreciate any help people can offer.
Thanks!

You do not need server names in the certificate if you are using mail.domain.com only in all of the URL settings. You will want autodiscover.domain.com, however.
Consider configuring a different internal and external name for Outlook Anywhere so that Outlook knows whether it is connecting from the Internet or internally. For internal Outlook Anywhere, use a name that you don't publish to the Internet.
For example, use mail.domain.com for everything except internal Outlook Anywhere, use mailinternal.domain.com. Put mail.domain.com, mailinternal.domain.com and autodiscover.domain.com in the certificate.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Use public SSL certificate for WebAccess 8 on SLES10 Linux S

Currently my WebAccess 8 server is running on NetWare. I want to move my WebAccess to SLES10 SP3 server and use public SSL certificate from third-party on SLES 10. I think this is just to get apache to use the public cert on SLES 10 Linux server and nothing to change on WebAccess, right?
Thanks in advance.
Wilson

wilsonhandy wrote:
> Currently my WebAccess 8 server is running on NetWare. I want to move
> my WebAccess to SLES10 SP3 server and use public SSL certificate from
> third-party on SLES 10. I think this is just to get apache to use the
> public cert on SLES 10 Linux server and nothing to change on
> WebAccess, right?
Yeah, it's purely an Apache config. No need to do anything to
WebAccess just to get SSL working.
Novell Knowledge Partner
Enhancement Requests: http://www.novell.com/rms

How to use an existing certificate for the ABAP SSL setup using STRUST

Hi
All the documentation say to Create certificate Request and subsequently import the Certificate response from a CA.
In our case, the company has a certificate from a valid CA root and we would like to use this when creating the SSL PSE files, in particular, the SSL Server PSE.
Should I use sapgenpse instead of strust??
What are the steps to apply the certificate (www.company.com.au) to this instance (host.dom.internal)??????
Thanks
Doug

Hi Dough,
pls chk out this for SSL certificate
http://help.sap.com/saphelp_nw04/helpdata/en/20/37c33ae8361838e10000000a11402f/frameset.htm
http://help.sap.com/saphelp_nw04s/helpdata/en/20/37c33ae8361838e10000000a11402f/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/16/1bb23bdb0d0156e10000000a11402f/frameset.htm
http://help.sap.com/saphelp_nw04s/helpdata/en/16/1bb23bdb0d0156e10000000a11402f/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/c1/96b13b6e95b72ce10000000a114084/frameset.htm
http://help.sap.com/saphelp_nw04s/helpdata/en/c1/96b13b6e95b72ce10000000a114084/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/e1/b6b13bd0ac933ae10000000a11402f/frameset.htm
http://help.sap.com/saphelp_nw04s/helpdata/en/e1/b6b13bd0ac933ae10000000a11402f/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/aa/a8463c6796e61ce10000000a114084/frameset.htm
pls reward points
Thanx
Metha

Configuring use of clinet certificates for jax web services configuring u

Hello dear people,
I have a very simple jax web service under glassfish v.2.1 and I want to secure it using mutual authentication. I could configure using server certificates but I have problems with configuring the server to ask client certificates. The problem is that the clients are not asked to provide a valid client certificate to use the service. The clients can easily use the service without having a certificate.
Can anyone tell me what should I do to have this?
I got the example code from http://java.net/projects/javaeetutorial/downloads and the sample code that I used is in the folder : javaeetutorial5/examples/jaxws/helloservice-clientcert
Best regards,
Arash.

Did you resolve your issue?
I´m posting some comments that maybe can help newer administrators facing similar doubts.
I´m using NW PI 7.1 EHP1 also and some interfaces were developed for using an external site providing web services through SSL (HTTPS) connection.
As in browser navigation, secure sites protected with SSL has a certificate emited by a international CA. We didn´t perceive the "handshake" in the most of cases because normally the web browser has a group of trusted CAs loaded on its certificate store.
With SAP PI and its WAS Java a similar procedure occurs with a small difference. The WAS Java didn´t have the trusted CAs loaded on KeyStorage. So, when the adapter tries to establishing a connection with an HTTPS site (it is a background process) a "handshake" is required to accepting the certificate and produces a error.
We completes the handshake importing the entire certificate chain (you can upload the site´s certificate to your browser and export it as file) on Keytore under the Trusted CAs view.
Hope this can help someone. It´s an "easy" part of SSL communication.
Now I´m trying to configure the inverse: Some third party consuming the PI web services using SSL. I have an additional component on inbound/ incoming connections that is the SAP Web Dispatcher.
The Help.sap.com is the reference but as always its a little difficult to find the (sequential) path following the links (go ahead, go ahead, go ahead, go back, go back, go ahead)...
Regards,
Rodrigo Aoki

Using internally created certificate for IP-HTTPS lisenter temporarily during testing. Any issues?

We are planning our Direct Access environment now and plan to also use SSTP VPN on the same box.
I understand that the best practice is to use a certificate published by a public CA for the outward facing IP-HTTPS listener and we plan to do this however during testing we would like to use a certificate created from our internal CA. If our testing phase
is successful and we plan to go ahead we would then buy a public CA certificate and replace the internally created one.
I would just like to know how much of an issue/hassle it would be to do this. I believe that during the DA setup wizard it automatically inserts the certificates you provide. Is it a problem to change it afterward? Do you have uninstall DA and run through the
wizard again? Thanks.

Or you can use a Public 30-day trial SSL that is supported on all Clients.
The hassle of changing it, will be the same as when you are renewing a public SSL certificate in the future. And yes, you have to re-run the wizard again, after you have imported the new SSL certificate on the DA server.

How to install and use a client certificate for use with https sites on Android?

I need to be able to install a .p12 client side certificate to be sent to the admin section of my company's site to authenticate me as an employee. In FireFox for PC there is the ability to install this client certificate. In the mobile I cannot figure out how to get this to work.
I just bought an Asus Transformer Android Tablet running Honeycomb. I have tried the following method below:
http://support.mozilla.com/en-US/questions/786035
I get to the screen where I am able to present and choose a certificate but I still get the (Error code: ssl_error_handshake_failure_alert).
Now that Android is really picking up steam, there needs to be a way to install client side certificates to present to sites requesting them.
Is there another way to hack the system to allow or install a client side certificate in .p12 format?

Sorry, there's not a good way to install client certificates in Firefox 4 for Android. A bug has been filed, and any work that we do on adding this feature will be tracked here:
https://bugzilla.mozilla.org/show_bug.cgi?id=478938

Using self-signed certificates for HTTPS

I want to enable HTTPS protocol with WebLogic Server 5.1
I want to use a self signed certificate generated with the JDK keytool.
I've successfuly generated it and exported a dummy.cer file.
I've updated the weblogic.properties file with weblogic.security.certificate.server=dummy.cer
and I've got this exception
java.lang.NullPointerException:
at weblogic.security.RSAKey.toString(RSAKey.java:203)
at java.lang.String.valueOf(String.java, Compiled Code)
at java.lang.StringBuffer.append(StringBuffer.java, Compiled Code)
at weblogic.security.X509.toString(X509.java:261)
at java.lang.String.valueOf(String.java, Compiled Code)
at java.lang.StringBuffer.append(StringBuffer.java, Compiled Code)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:206)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java, Compiled
Code)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:99)
at weblogic.Server.main(Server.java:65)
at weblogic.Server.main(Server.java:55)
at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
at java.lang.Thread.run(Thread.java:479)
mar. dÚc. 18 12:20:03 GMT+01:00 2001:<E> <SSLListenThread> Security Configuration
Problem with SSL server certificate file (d:\weblogic\myserver\dummy.cer)
What's the right way to do this ?
[dummy.cer]

H Jerome,
The certificate may have been generated incorrectly but I would suggest logging
a support case.
Kind Regards,
Richard Wallace
Senior Developer Relations Engineer
BEA Support.
"Jerome Cahuzac" <[email protected]> wrote:
>
>
>
I want to enable HTTPS protocol with WebLogic Server 5.1
I want to use a self signed certificate generated with the JDK keytool.
I've successfuly generated it and exported a dummy.cer file.
I've updated the weblogic.properties file with weblogic.security.certificate.server=dummy.cer
and I've got this exception
java.lang.NullPointerException:
at weblogic.security.RSAKey.toString(RSAKey.java:203)
at java.lang.String.valueOf(String.java, Compiled Code)
at java.lang.StringBuffer.append(StringBuffer.java, Compiled
Code)
at weblogic.security.X509.toString(X509.java:261)
at java.lang.String.valueOf(String.java, Compiled Code)
at java.lang.StringBuffer.append(StringBuffer.java, Compiled
Code)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:206)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java,
Compiled
Code)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:99)
at weblogic.Server.main(Server.java:65)
at weblogic.Server.main(Server.java:55)
at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
at java.lang.Thread.run(Thread.java:479)
mar. dÚc. 18 12:20:03 GMT+01:00 2001:<E> <SSLListenThread> Security Configuration
Problem with SSL server certificate file (d:\weblogic\myserver\dummy.cer)
What's the right way to do this ?

How to search in Pages for any number or any character, using wildcards

Is it possible in Pages to use wildcards to search for any instance of any number? For example, I want to find all occurrences of any one or two digits followed by a colon, such as 8: or 37:
If I can't use wildcards, is there any other way to search, other than tediously searching for every instance of 1, every instance of 2, etc.?
Thanks!
Sue

Hello
Here is an enhanced version.
--[SCRIPT highlight_ digitspluscolon]
Enregistrer le script en tant que Script : highlight_ digitspluscolon.scpt
déplacer le fichier ainsi créé dans le dossier
<VolumeDeDémarrage>:Users:<votreCompte>:Library:Scripts:Applications:Pages:
Il vous faudra peut-être créer le dossier Pages et peut-être même le dossier Applications.
Ouvrir un document traitement de textes Pages
aller au menu Scripts , choisir Pages puis choisir highlight_ digitspluscolon
Dans les éléments de texte, l'arrière plan des groupes de chiffres
suivis d'un caractère deux points sera mis en rouge.
--=====
L'aide du Finder explique:
L'Utilitaire AppleScript permet d'activer le Menu des scripts :
Ouvrez l'Utilitaire AppleScript situé dans le dossier Applications/AppleScript.
Cochez la case "Afficher le menu des scripts dans la barre de menus".
--=====
Save the script as a Script: highlight_ digitspluscolon.scpt
Move the newly created file into the folder:
<startup Volume>:Users:<yourAccount>:Library:Scripts:Applications:Pages:
Maybe you would have to create the folder Pages and even the folder Applications by yourself.
Open a Pages word processor document.
go to the Scripts Menu, choose Pages, then choose "highlight_ digitspluscolon"
In the text objects, the background of groups of digits
with a trailing colon will be set to red.
--=====
The Finder's Help explains:
To make the Script menu appear:
Open the AppleScript utility located in Applications/AppleScript.
Select the "Show Script Menu in menu bar" checkbox.
--=====
Yvan KOENIG (VALLAURIS, France)
2010/07/17 -- enhanced to treat also text boxes and shapes
--=====
on run
local en_liste, le_dernier, un_groupe, le_premier, recul
local les_boites, une_boite, les_formes, une_forme
Try to treat the main text layer
tell application "Pages"
try
set le_document to name of document 1
tell document 1 to set le_texte to body text
on error
set le_texte to ""
end try
end tell -- Pages
if le_texte > "" then
set en_liste to my decoupe(le_texte, ":")
set le_dernier to 0
tell application "Pages" to tell document le_document
repeat with i from 1 to count of en_liste
set un_groupe to item i of en_liste
set le_dernier to le_dernier + 1 + (count of un_groupe)
set recul to 0
repeat with j from 1 to 10
if character -j of un_groupe is in "0123456789" then
set recul to -j
else
exit repeat
end if
end repeat -- with j
if recul < 0 then
set le_premier to le_dernier + recul
set character background color of characters le_premier thru le_dernier to {65535, 0, 0}
end if -- recul < 0
end repeat -- with i
end tell -- Pages…
end if -- le_texte > ""
Try to treat text boxes
try
tell application "Pages" to tell document le_document to set les_boites to every graphic whose class is text box
on error
set les_boites to {}
end try
if les_boites is not {} then
repeat with une_boite in les_boites
tell application "Pages" to tell document 1
tell une_boite to set le_texte to object text
end tell -- Pages…
my highlight(le_document, une_boite, le_texte)
end repeat
end if -- with f
Try to treat shapes
try
tell application "Pages" to tell document 1 to set les_formes to every graphic whose class is shape
on error
set les_formes to {}
end try
if les_formes is not {} then
repeat with f from 1 to count of les_formes
I know that using whose is more efficient than using an index but, in Pages '09, whose doesn't apply to shapes. *)
tell application "Pages" to tell document 1
set une_forme to item f of les_formes
tell une_forme to set le_texte to object text
end tell -- Pages
my highlight(le_document, une_forme, le_texte)
end repeat -- with f
end if
end run
--=====
on highlight(un_document, un_contenant, son_Texte)
local en_liste, le_dernier, un_groupe, recul, le_premier
set en_liste to my decoupe(son_Texte, ":")
set le_dernier to 0
tell application "Pages" to tell document un_document to tell un_contenant to tell object text
repeat with i from 1 to count of en_liste
set un_groupe to item i of en_liste
set le_dernier to le_dernier + 1 + (count of un_groupe)
set recul to 0
try (*
Useful if a shape was erroneously pasted in a text box. *)
repeat with j from 1 to 10
if character -j of un_groupe is in "0123456789" then
set recul to -j
else
exit repeat
end if
end repeat
end try
if recul < 0 then
set le_premier to le_dernier + recul
set character background color of characters le_premier thru le_dernier to {65535, 0, 0}
end if
end repeat
end tell -- Pages
end highlight
--=====
on decoupe(t, d)
local oTIDs, l
set oTIDs to AppleScript's text item delimiters
set AppleScript's text item delimiters to d
set l to text items of t
set AppleScript's text item delimiters to oTIDs
return l
end decoupe
--=====
--[/SCRIPT]
It scans the main text layer in Word Processor documents.
It scans text boxes and shape in Word Processor and Layout documents.
Is it useful to scan :
headers, footers, tables ?
Yvan KOENIG (VALLAURIS, France) samedi 17 juillet 2010 21:07:04

Use wildcard identity certificate for SSLVPN

Similar Messages

Maybe you are looking for